﻿using System;
using System.Collections;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

using BizElements.Core;
using BizElements.BusinessLayer;

namespace BizElements.Web
{
    /// <summary>Common UI security checks: form permissions, actions permisions...</summary>
    public static class SecurityHelper
    {
        #region DemandFormPermission.

        /// <summary>Key under which default demand form permission rule description is stored. Default: <b>SecurityHelper_DemandFormPermission</b></summary>
        public const string DemandFormPermissionRuleName = "SecurityHelper_DemandFormPermission";

        /// <summary>Throws <see cref="BizElements.BusinessLayer.BrokenRuleException"/> if the user doesn't have requested permissions to load a webform.</summary>
        /// <param name="formLoadActionId">Form load action ID.</param>
        public static void DemandFormPermission(object formLoadActionId)
        {
            DemandFormPermission(formLoadActionId, UiMessages.NotAllowedToExecuteAction);
        }

        /// <summary>Throws <see cref="BizElements.BusinessLayer.BrokenRuleException"/> if the user doesn't have requested permissions to load a webform.</summary>
        /// <param name="formLoadActionId">Form load action ID.</param>
        /// <param name="ruleDescription">Custom rule description.</param>
        public static void DemandFormPermission(object formLoadActionId, string ruleDescription)
        {
            if (!UserSession.Actor.HasPermission(formLoadActionId))
                throw new BrokenRuleException(DemandFormPermissionRuleName, ruleDescription);
        }

        #endregion

        #region DemandActionPermission.

        /// <summary>Key under which the default description of rule for an action/funnction is stored. Default: <b>SecurityHelper_DemandActionPermission</b></summary>
        public const string DemandActionPermissionRuleName = "SecurityHelper_DemandActionPermission";

        /// <summary>Throws <see cref="BizElements.BusinessLayer.BrokenRuleException"/> if the user doesn't have privileges to execute the specified action.</summary>
        /// <param name="actionId">Action/function ID.</param>
        public static void DemandActionPermission(object actionId)
        {
            DemandActionPermission(actionId, UiMessages.NotAllowedToOpenForm);
        }

        /// <summary>Throws <see cref="BizElements.BusinessLayer.BrokenRuleException"/> if the user doesn't have privileges to execute the specified action.</summary>
        /// <param name="actionId">Action/function ID.</param>
        /// <param name="ruleDescription">Custom rule description.</param>
        public static void DemandActionPermission(object actionId, string ruleDescription)
        {
            if (!UserSession.Actor.HasPermission(actionId))
                throw new BrokenRuleException(DemandActionPermissionRuleName, ruleDescription);
        }

        #endregion
    }
}
